MatchIQ™ Privacy Policy

1. INTRODUCTION

TechnologyMatch.com ("TechnologyMatch," "we," "us," or "our") operates the MatchIQ™ platform ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

This policy applies to all users of the Platform, including distributors, partners, system administrators, and developers.

2. INFORMATION WE COLLECT

2.1 Account Information

When you create an account, we collect:

• Full name and email address
• Job title and organization name
• Phone number (optional)
• Multi-factor authentication settings (when enabled)

2.2 Salesforce Synchronized Data

The Platform automatically syncs data from your Salesforce instance, including:

• Campaign Data: Campaign names, dates, goals, status, tracker codes
• Opportunity Data: Opportunity names, stages, amounts, close dates, sales team members
• Contact Data: Names, email addresses, phone numbers, job titles, addresses
• Account Data: Company names, industries, revenue, employee counts
• Lead Data: Lead status, qualification scores, survey responses, appointment details
• Call Recordings: Audio files, transcripts, recording metadata
• Custom Fields: Any additional fields mapped in your Salesforce configuration

2.3 Usage Data

We automatically collect:

• Login timestamps and IP addresses
• Pages viewed and features accessed
• API calls and usage patterns
• Device and browser information
• Session duration and interaction logs

2.4 Call Recording Data

For opportunities with call recordings, we collect:

• Audio files (uploaded to AWS S3)
• Transcripts generated by Google Gemini AI
• Sentiment scores and key moments
• Recording duration and metadata
• Participant information from Salesforce

2.5 Cookies and Tracking

We use:

• Essential Cookies: Session management, authentication, security
• Analytics Cookies: Usage patterns, performance monitoring (Sentry)
• Functional Cookies: User preferences, display settings

You can control cookie preferences through your browser settings.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

We use your information to:

• Provide access to the Platform and its features
• Sync and display campaign, lead, and opportunity data
• Generate AI-powered insights and sentiment analysis
• Provide call recording playback and transcription
• Enable API access and data exports
• Send system notifications and alerts
• Authenticate users and manage access permissions

3.2 AI Processing

We use Google Gemini AI to:

• Transcribe call recordings into text
• Analyze sentiment and identify key conversation moments
• Generate summaries and insights
• Extract action items and recommendations

AI processing occurs in Google Cloud Platform's infrastructure. Audio files are transmitted securely but processed by a third party.

3.3 Analytics and Improvement

We use aggregated, anonymized data to:

• Monitor Platform performance and uptime
• Identify and fix bugs or errors
• Analyze usage patterns and feature adoption
• Improve user experience and add new features
• Generate internal reports and metrics

3.4 Security and Compliance

We process information to:

• Detect and prevent fraud or unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our rights and property

4. HOW WE SHARE YOUR INFORMATION

4.1 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Within the Platform (Multi-Tenant Isolation)

Access to your data is strictly controlled based on role and organization:

• Distributor Super Admins: Can view all campaigns and partners within their distributor organization
• Distributor Users: Can only view assigned campaign trackers
• Partner Admins: Can view their own organization's campaigns and leads
• Partner Users: Can view only assigned leads
• Other Organizations: Have zero visibility into your data

4.3 Service Providers

We share data with third-party service providers who process it on our behalf:

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.4 Legal Requirements

We may disclose information if required by law, such as:

• Complying with subpoenas, court orders, or legal processes
• Protecting our rights, property, or safety
• Investigating fraud or security issues
• Enforcing our Terms of Service

4.5 Business Transfers

If TechnologyMatch is acquired, merged, or sells assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. DATA RETENTION

5.1 Active Accounts

We retain your data for as long as your account is active and for the purposes described in this policy.

5.2 Inactive Accounts

If your account is terminated or expires:

• We retain your data for 90 days to allow reactivation or data export
• After 90 days, data is permanently deleted unless legally required to retain

5.3 Call Recordings

Call recordings are retained according to your organization's retention policy (configurable, typically 12-24 months).

5.4 Legal Holds

We may retain data longer if required by law, regulation, or litigation.

6. DATA SECURITY

6.1 Technical Measures

We protect your data using:

• Encryption at Rest: AES-256 encryption for database and S3 storage
• Encryption in Transit: TLS 1.3 for all network communications
• Access Controls: Role-based permissions, multi-tenant database isolation
• Authentication: JWT tokens, API key security, MFA support
• Monitoring: Real-time intrusion detection, security logging

6.2 Organizational Measures

• Employee access is limited to those with a legitimate need
• Regular security audits and penetration testing
• Incident response plan for data breaches
• Annual security training for staff

6.3 Your Responsibilities

You must:

• Use strong, unique passwords
• Enable multi-factor authentication (MFA) when available
• Keep your credentials confidential
• Report suspected security incidents immediately

7. YOUR PRIVACY RIGHTS

7.1 Access and Portability

You have the right to:

• Access your personal information
• Request a copy of your data in a portable format (CSV, JSON)
• Download data via the Platform's export features or API

7.2 Correction and Deletion

You have the right to:

• Correct inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)
• Deactivate your account at any time

7.3 Restriction and Objection

You have the right to:

• Restrict processing of your personal information in certain circumstances
• Object to automated decision-making (Note: Our AI provides insights only; no automated decisions affect individual rights)

7.4 Withdrawal of Consent

If we rely on consent for processing (e.g., cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.

7.5 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@technologymatch.com
• Subject Line: "Privacy Rights Request - MatchIQ"
• Include: Your name, email, organization, and specific request

We will respond within 30 days (or as required by applicable law).

8. GDPR COMPLIANCE (EU/EEA Users)

8.1 Legal Basis for Processing

We process your data based on:

• Contract Performance: To provide the Platform services you subscribed to
• Legitimate Interests: To improve our services, ensure security, and analyze usage
• Legal Obligations: To comply with applicable laws and regulations
• Consent: For optional features like advanced analytics (where required)

8.2 Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We use Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure adequate protection.

8.3 EU Representative

If you are in the EU/EEA and have questions about GDPR compliance, contact our EU representative at:

Email: gdpr@technologymatch.com

8.4 Supervisory Authority

EU/EEA residents have the right to lodge a complaint with their local data protection authority.

9. CCPA COMPLIANCE (California Residents)

9.1 California Rights

California residents have the right to:

• Know: What personal information we collect, use, and share
• Access: Request a copy of your personal information
• Delete: Request deletion of your personal information (subject to exceptions)
• Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
• Non-Discrimination: Not be discriminated against for exercising your rights

9.2 Exercising CCPA Rights

California residents may exercise these rights by contacting:

• Email: ccpa@technologymatch.com
• Website: https://technologymatch.com

We will verify your identity before processing requests.

9.3 Do Not Sell My Personal Information

We do not sell personal information. However, third-party analytics services (Sentry) may collect data that could be considered a "sale" under CCPA. You may opt out by adjusting cookie preferences.

10. CHILDREN'S PRIVACY

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.

11. INTERNATIONAL DATA TRANSFERS

11.1 Data Locations

Your data may be stored and processed in:

• Primary: AWS US-East-1 (Virginia, USA)
• Secondary: Google Cloud Platform (for AI processing)
• Monitoring: Sentry (USA)

11.2 Transfer Mechanisms

For transfers from the EU/EEA to the USA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Data Processing Agreements (DPAs) with service providers
• Adequate safeguards to ensure data protection

12. THIRD-PARTY LINKS

The Platform may contain links to third-party websites or services (e.g., Salesforce, training videos, partner websites). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on the Platform
• Sending email notification to your registered address
• Providing 30 days' notice before changes take effect

Continued use after changes take effect constitutes acceptance.